/*
package com.shinewing.sconlyoffice.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;


@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**")
                .hasRole("admin")
                .antMatchers("/user/**")
                .hasAnyRole("ADMIN", "USER")
                .antMatchers("/superadmin/**")
                .access("hasRole('ADMIN') and hasRole('MANAGER')")
                .anyRequest().authenticated()
                .and()
                .formLogin() */
/*表单登陆相关配置*//*

//                .loginPage("/login") //自定义登陆界面
//                .loginProcessingUrl("/login") //登陆请求处理接口
//                .usernameParameter("name")  //登陆接口传参用户名参数名
//                .passwordParameter("password")  //登陆接口传参密码参数名
                .successForwardUrl("/IndexServlet")  //登陆成功跳转Url
//                .successHandler() //自定义登陆成功处理逻辑
//                .failureForwardUrl("/login")  //登陆失败跳转Url
//                .failureHandler() //自定义登陆失败处理逻辑
                .permitAll()  //登陆处理的Url不进行拦截
                .and()
                .logout() //注销配置
                .logoutUrl("/logout")  //注销请求Url
                .clearAuthentication(true) //是否清除身份信息
                .invalidateHttpSession(true) //是否失效session
//                .addLogoutHandler()  //添加自定义注销处理逻辑
                .logoutSuccessUrl("/login")
//                .logoutSuccessHandler() //注销成功处理逻辑
                .permitAll()  //注销Url放行
//                .rememberMe()  //使用rememberMe功能
                .and()
                .csrf().disable();
    }

//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication()
//                .withUser("admin")
//                .password(passwordEncoder().encode("123456"))
//                .and()
//                .withUser("user")
//                .password(passwordEncoder().encode("12321"))
//                .accountExpired(false)
//                .accountLocked(false);
//    }

    //    private PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
    @Override
    public void configure(WebSecurity web) throws Exception {

        // 全局配置：忽略url
        web.ignoring().antMatchers("/upload").antMatchers("/*");

    }

}
*/
